AutomatedLab : A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts
AutomatedLab (AL) enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart from the module itself your system needs to...
JSPanda : Client-Side Prototype Pollution Vulnerability Scanner
JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple payloads for prototype pollution vulnerability.Gathers all the links in the targets for scanning and add payloads to JSpanda-obtained URLs, navigates to each URL with headless...
Databases Worldwide are Full of Security Holes
Data security is a big deal. Lapses in data security aren’t just a minor mistake; they can violate regulatory compliance rules, fail to protect customers who have agreed to share personal information, and risk losing companies their competitive advantage. The risks associated with database security are enormous. Fines for improper database security have stretched into the hundreds of millions of...
LeakDB : Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
LeakDB is a tool set designed to allow organizations to build and deploy their own internal plaintext "Have I Been Pwned"-like service. The LeakDB tool set can normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale, without the need to distribute large files to individual users. Once curated, LeakDB can search terabytes of data in less than a...
Kekeo : A Little Toolbox To Play With Microsoft Kerberos In C
Kekeo is a little toolbox I have started to manipulate Microsoft Kerberos in C (and for fun) ASN.1 library In kekeo, I use an external commercial library to deal with Kerberos ASN.1 structures: OSS ASN.1/C (http://www.oss.com/asn1/products/asn1-c/asn1-c.html)It was the only code generator/library that I've found to work easily with Microsoft C project. works without a lots of dependencies;magical documentation;wonderful support for my stupid questions;had a binary that work only...
Certify : Active Directory Certificate Abuse
Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Usage C:Tools>Certify.exe_ _ _ / | | | ()/ || | _ _ | |_ | | _ _| | / _ '| | | | | | | | || / | | || | | | || | __|| _||| __,...
Pwncat : Fancy Reverse And Bind Shell Handler
Pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but there has been a lot of work recently to support multiple platforms. Currently,...
Webstor : A Script To Quickly Enumerate All Websites Across All Of Your Organization’s Networks
Webstor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your organization's networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities. It is intended, in particular, to solve the unique problem presented in mid to large sized organizations with decentralized administration,...
SharpML : Machine Learning Network Share Password Hunting Toolkit
SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C#. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C# and Python based tool that performs a number of operations with a view to mining file shares, querying Active Directory for users, dropping an ML...
Data Protection: Why is it Crucial in 2022
Data protection is highly important in 2022 to avoid becoming a victim of online scams, losing any stored data, and prevent others from stealing your personal information. Such actions can cause severe reputation damage and monetary loss for both businesses and individuals. Data protection is the act of following a set of rules and investing technologies to safeguard our data....
